(54) A communications system

(57) A communications system comprises a plurality of interfaces (20) each of which can receive and/or 
transmit data to a common transmission network (21). Each interface (20) transmitting data to the network (21) 
attaches a classification code to the transmitted data, and each interface (20) receiving data from the network 
(21) retrieves the classification code and restricts access to the associated data in dependence upon that 
classification code. The invention alleviates the need to employ "secure" and "clear" communications networks 
in parallel, and is especially applicable to aircraft communications. 

At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.

[Drawings, sheets 2/3 and 3/3: Fig. 2; Fig. 3 (block labels: analogue interface, external classification source, isolator, switch, MMI control display, MMI processor, main processor, LAPD processor, primary rate interface, reversionary switch, radio control interface); Fig. 5A; Fig. 5B; Fig. 6 (block labels: serial clock, frame N / slot X, frame N+1 / slot X, frame counter, reset, EX-OR, error counter, decode logic "is count = 256?", threshold (=3), threshold comparison logic, compare enable).]

A COMMUNICATIONS SYSTEM 



2299000 



The present invention relates to a communications system for communicating data, 
which for example may be speech data, encrypted speech data, data from instruments or 
facsimiles, which data has a classification associated with it. In particular, but not 
exclusively, the invention relates to a communications system for use on board an 
aircraft, which communications system segregates clear and secure information.

On board some aircraft, especially military aircraft, it is necessary to be able to 
communicate both "secure" and "clear" data between two or more points on that aircraft. 
It is also necessary and important that communication can also be established quickly 
between one or more points on the aircraft and a point external to the aircraft, normally
by means of radio apparatus. Satisfying both these requirements reliably results in a 
complex communications system in order to ensure that secure data cannot accidentally 
be transmitted externally, or to an unintentional recipient aboard the aircraft itself. 

In certain military aircraft, for example advanced early warning aircraft (AWACS), there
may be up to thirty or more interfaces between the communications system and 
equipment or crew members, which interfaces need to communicate both clear and 
secure information both within the aircraft and also to external sources via a radio link. 
Figure 1 of the attached drawings schematically shows the arrangement adopted in such
communications systems. This comprises a secure communication network 1 and clear
communication network 2 to which a plurality of interfaces 5 to 7 are connected.
Interfaces 3 to 4 may transmit speech data to or from a member of the air crew or provide
information to or from instruments aboard the aircraft. Depending on the source of the
information, this will either be routed via the secure network 1 or clear network 2. In
this way, information on the secure network 1 is isolated from radio 7. Some crew 
members have the option of transmitting information either by secure network 1 or clear 
network 2, and this is typically achieved by means of a switch which indicates over
which network the operator wishes to transmit. Secure information from any source 
which is to be transmitted externally via radio 7 is placed on the secure network 1 and 
addressed to an encryptor 6. The encryptor encrypts the data before transmitting it to the 
radio 7 by clear network 2. Similarly, any encrypted data received via the radio is 
decoded by encryptor 6, and the decoded data transmitted to its destination by secure
network 1. 

A drawback of the system illustrated in Figure 1 is that it requires effectively two 
completely separate communications systems with two sets of wires, or other such links, 
running around the aircraft and two sets of circuitry at most connection points, one
associated with the secure network and one with the clear network. It is the aim of the 
present invention to provide an improved communications system. 

According to a first aspect of the present invention there is provided a communications 
system comprising means for attaching a code to data to be transmitted, which code
indicates a classification associated with that data. 

By employing the present invention, each piece of data to be transmitted can have a 
code, or tag, attached to it, this enabling the classification of the data to be identified by 
means of the code as opposed to the communications network over which it is received,
eliminating the need to have two separate networks. 



Preferably the communications system comprises: a transmission medium; at least one 
interface through which data can be supplied to the transmission medium, the interface
comprising an input for receiving the data, means for determining a classification 
associated with the data, means for attaching a classification code to the data dependent 
on the associated classification, and means for supplying the data and associated 
classification code to the transmission medium; and at least one interface through which 
the data can be extracted from the transmission medium, the interface comprising means
for receiving the data and attached classification code, means for determining from the 
classification code the classification relating to the data, and means for controlling access 
to the data dependent on the classification. 

The above arrangement enables a single transmission medium, which may be a
transmission line network, typically an optical fibre network or a hard wired network,
to convey both secure and clear information, eliminating the need for duplication, 
without compromising security. Only those interfaces authorised to receive a particular 
classification of data will permit that data to be disseminated. The system permits two
or more classifications to be used.

Advantageously data can only be extracted from the transmission medium via the 
interfaces, thereby no other access can be gained to data on the system. 

In certain applications it may be desirable that an interface permits data to be both
supplied to and extracted from the transmission medium, such an interface enabling, for
example, a person to both transmit and receive speech data to and from the transmission
medium.

Advantageously the system further comprises an encryptor connected to the transmission 
medium via at least one of the interfaces, the encryptor being arranged: to receive, from 
the transmission medium, data carrying a first classification code; to encrypt that data; 
and supply the encrypted data back to the transmission medium by an interface which 
attaches a different classification code. This enables data, for example speech data,
having a secure classification code, or tag, associated with it to be encrypted and 
reclassified such that the encrypted data can then be received by a device, for example 
a radio, which would not have had access to that data with its previous classification 
code. 


Preferably the data transmitted by said transmission medium is in a digital format for this 
facilitates attachment of a classification code, or tag. It is particularly advantageous for 
the transmission medium to comprise a number of channels, each channel being 
associated with a data string received via one interface, the data string being transmitted 
via the transmission medium in a series of time sequential frames, each frame comprising
one slot associated with a specific data string, each slot being defined by a number of 
bits with one bit, a classification code bit, being reserved for carrying a classification 
code. In this manner a classification code accompanies every slot in every frame. 

Advantageously an interface supplying data to the transmission medium sets the status
of the classification code bit such that the status of corresponding classification code bits 
of corresponding slots in sequential frames varies in a predetermined pattern indicative 
of an associated classification, the interface extracting information from the transmission 
medium comprising means for detecting said pattern. This enables only a single bit from
each slot to establish a code. Furthermore the classification code can be selected such 
that any corruption of the code causes the system to assign a secure classification code 
to the associated data. 

The present invention is particularly advantageous when employed in aircraft
communications systems where security of information is of primary importance and where
it is desirable to minimise the amount of communications equipment carried. 

According to a second aspect of the present invention there is provided a method of 
transmitting data comprising attaching a code to the data, which code indicates a
classification associated with that data. 

Preferably the method further comprises receiving data and an associated classification 
signal, attaching a classification code to the data in dependence on the classification 
signal received, transmitting the data and associated code via a transmission medium,
receiving the data and associated code from the transmission medium, determining the 
classification from the classification code, and controlling access to the data dependent 
on the classification. 

One embodiment of the present invention will now be described, by way of example
only, with reference to Figures 2 to 6 of the accompanying drawings, in which like 
reference numerals are used to indicate like features and of which: 

Figure 2 schematically illustrates the interconnection between interfaces of a
communications system in accordance with the present invention; 

Figure 3 schematically illustrates the various functions performed by each interface of 
Figure 2; 


Figure 4 shows the arrangement of a frame of data transmitted between the interfaces of 
Figures 2 and 3; 

Figure 5 is an example of a classification code; and 


Figure 6 illustrates apparatus for decoding the classification code of Figure 5. 

Referring to Figure 2, there is illustrated a number of interfaces 20 each connected to 
four other interfaces via twisted pair wire links 21. The provision of four links to each 
interface is to provide redundancy in the event that any link or interface is damaged or
malfunctions. The six interfaces could be linked in a simple linear arrangement, or 
alternatively in a closed loop arrangement which provides at least two routes between 
any two interfaces. Any number of interfaces 20 may be connected, but each of the 
interfaces 20 will have associated with it a particular piece of equipment, and on an 
aircraft at least one interface will be associated with a radio, at least one with a member
of air crew permitting him to both receive and transmit speech data. In addition at least 
one interface will normally be associated with a resource of the aircraft such as 
instrumentation data or a radar, or means for generating an audible warning, for example 
in case of an engine failure. 

Referring to Figure 3, the functions performed by each of the interfaces 20 of Figure 2 
are illustrated. With the exception of the functions separated by broken lines, all other 
functions are common to all the interfaces regardless of the application to which the 
interface is put. 

The interface 20 comprises a reversionary switch 31 connected to four twisted pair wire 
links 21 which are each in turn connected to a reversionary switch of one of the other 
interfaces 20 of Figure 2. The reversionary switch has the function of maintaining 
appropriate connections between the twisted pairs 21 should the interface 20 be powered 
down or failed. This function is performed by a number of relays in the switch that 
cross-connect the external connections. 

Data received on links 21 by the reversionary switch 31 is transmitted to the primary rate
interface 32 which provides balanced termination of the communication links 21, 
extracts synchronisation information and provides plesiochronous buffering. The 
primary rate interface 32 is connected to switch 33 which routes both audio and control 
data as appropriate. The switch 33 can also connect any slot from any primary rate 
interface to any other primary rate interface, and it is by means of this switch 33 that the 
communications system, as illustrated in Figure 2, is truly distributed.

The communications system transmits data in a digital format that comprises a number 
of control slots as explained below with reference to Figure 4. The switch 33 routes 
control slots to link access protocol on the D-channel (LAPD) processor 34 which
formats both audio and control data into a suitable format. The LAPD processor 34 
performs cyclic redundancy checking and associated management of frame 
acknowledgement, frame delimiting and bit stuffing. 

The switch 33 and LAPD 34 are connected to a main processor 35 which is additionally
connected to either a man/machine interface (MMI) consisting of a control display 36 
and associated processor 37, if the particular interface 20 provides a terminal for a user, 
or alternatively if the particular interface is associated with an encryptor, there will be 
an input to the main processor from the encryptor. If the interface 20 is associated with
a radio, a radio control interface 38 is connected to both the main processor and the
LAPD processor. These various inputs to the main processor 35 provide the processor 
with the address that data is being sent to, and the classification associated with that data. 
The main processor 35 also provides appropriate control data to the radio control 
interface, control display or encryptor. 


All the data received and processed by the main processor 35 is control data, with all 
other data such as speech data being received or disseminated via analogue interface 39 
and associated isolator. The analogue interface 39 depending on application may be 
connected via an A-to-D and/or D-to-A converter, to the mic and tels of an operator, to 
the input/output of an encryptor, or to the input/output of a radio frequency
transmitter/receiver. Data passing through the analogue interface 39 is the data that is 
to be, or has been transmitted via communications links 21. The analogue interface 
provides the input/output for all such data and can be selectively isolated from the rest 
of the communications system by isolator 40, controlled by the main processor 35, or
external classification source 30. 

The isolator 40 provides two functions. When data is received by the analogue interface 
39 for transmission via links 21, a corresponding signal is received which indicates the
classification of the information being received by the analogue interface 39. For
example in the case of a man/machine interface a classification signal is input by an
operator via control display 36 and MMI processor 37. When the interface 20 is
associated with a radio transmitter/receiver, the main processor 35 is pre-programmed
to treat the information received as clear, similarly when the interface 20 is associated
with an encryptor then encrypted data received from the encryptor via the analogue
interface 39 will be classified as clear while data that has been deciphered is classified 
as secure. An appropriate control signal is applied to the isolator 40 which generates an 
appropriate classification code on the data transmitted. This code is described in more 
detail below with reference to Figures 4 and 5. 


The isolator 40 in addition to coding data to be transmitted via the links 21 also isolates 
data received via the links 21 from the analogue interface 39 in dependence upon the 
classification code associated with the received data. Where the interface 20 is 
associated with a radio over which no secure data is permitted to be transmitted, any data 
received from the communications system having a code indicating that that data is
secure is isolated by isolator 40 from the analogue interface. The mechanism by which 
the isolator decodes the classification signal is described below with reference to Figures 
4, 5 and 6. 


Where the interface 20 is associated with an encryptor, data is received from the links 
21 of the communications system and the data encrypted or deciphered depending on the
accompanying control information. Where data received from the encryptor is encrypted 
the isolator associates with that data a classification code indicating that that data is 
clear. This enables that data to be transmitted via an interface associated with a radio
elsewhere on the communications system. 

The data transmitted by the communications system is transmitted in a digital format as 
a number of sequential frames. Each frame 41 comprises thirty-two slots 42 as 
schematically illustrated in Figure 4, each of which comprises eight bits 43, six bits
carrying the data to be transmitted, with one bit, 44, reserved for control data and one bit, 
45, reserved for a classification code. Corresponding slots in sequential frames define 
a channel, the system carrying up to thirty data channels simultaneously, with two 
channels being reserved for system control signals. 


Data received by the interface 20 of Figure 3 via the analogue interface 39 is encoded 
by the isolator 40 as either being clear or secure. When the isolator 40 receives a signal 
indicating the data received from the analogue interface 39 is clear, then the isolator 
alternately sets classification bits 45 of sequential frames 41 high and low as illustrated
in Figure 5A. If the isolator receives a signal indicating that the information received
from the analogue interface 39 is secure then it sets each corresponding classification bit
45 of each sequential frame low, as illustrated in Figure 5B. The data is then transmitted
by the interface 20 onto lines 21 with the data being transmitted on a particular channel
which channel comprises one set of consecutive slots 42 of sequential frames 41.

P/60550/APD

Referring to Figure 6, the isolator 40 extracts the classification bit 45 from data received 
via links 21 and compares the logic of corresponding classification bits 45 of consecutive 
frames 41 by exclusive OR-ing the status of the present bit with that of the previous bit.
If the data received is clear, the status of these bits will alternate between high and low
and the exclusive OR gate 61 will not detect any errors. If the security bits of 
corresponding slots in consecutive frames do not alternate between high and low then 
the exclusive OR gate will detect an error which will be recorded in error counter 62. 
After 256 frames have been recorded in the frame counter 63 the error counter is reset
by decode logic 64. A threshold comparator 65 compares the output of the error counter
62 with a predetermined threshold value, normally three, such that if the error count 
reaches this threshold then the data being received is classified as secure and the isolator 
30 sends a signal to the main processor 25 which determines whether data with that 
classification code can be permitted to pass to the analogue interface. Any corruption
of the classification code conveyed by sequential classification bits will cause a large
number of errors to be detected by the error counter which will in turn cause the 
associated data to be treated as secure. It will be noted that a single bit in error will 
result in apparently two errors on the counter. 
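
The Figure 5 bit patterns and the Figure 6 decode logic, modelled in Python as an added example that is not part of the patent text. It assumes the verdict is taken once per 256-frame window and that an incomplete window is treated as secure; all function names are illustrative.

```python
CLEAR, SECURE = "clear", "secure"
WINDOW_FRAMES = 256    # frame count at which the decode logic resets the error counter
ERROR_THRESHOLD = 3    # "normally three" in the description


def encode_classification_bits(classification, n_frames, first_bit=1):
    """Transmit side: one classification bit per frame for one channel.

    clear  -> bit alternates high/low on successive frames (Figure 5A)
    secure -> bit held low on every frame (Figure 5B)
    """
    if classification == SECURE:
        return [0] * n_frames
    if classification != CLEAR:
        raise ValueError(f"unknown classification: {classification!r}")
    return [(first_bit + i) & 1 for i in range(n_frames)]


def count_errors(bits, prev=None):
    """Exclusive-OR each bit with the previous one; no transition counts as an error.

    Returns (error_count, last_bit) so the comparison carries across windows.
    """
    errors = 0
    for bit in bits:
        if prev is not None and (bit ^ prev) == 0:
            errors += 1
        prev = bit
    return errors, prev


def classify_windows(bits, window=WINDOW_FRAMES, threshold=ERROR_THRESHOLD):
    """Receive side: one verdict per window of frames.

    Assumption of this example: a window is reported clear only when it is
    complete and its error count stayed below the threshold; anything else,
    including a truncated window, is reported secure.
    """
    verdicts, prev = [], None
    for start in range(0, len(bits), window):
        chunk = bits[start:start + window]
        errors, prev = count_errors(chunk, prev)
        complete = len(chunk) == window
        verdicts.append(CLEAR if complete and errors < threshold else SECURE)
    return verdicts


def isolator_passes(verdict, interface_cleared_for_secure):
    """Access decision: secure data reaches the analogue side only on cleared interfaces."""
    return verdict == CLEAR or interface_cleared_for_secure


def corrupt(bits, positions):
    """Return a copy of a constructed bit stream with the given positions flipped."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    clear = encode_classification_bits(CLEAR, WINDOW_FRAMES)
    samples = {  # constructed sample streams
        "clear": clear,
        "secure": encode_classification_bits(SECURE, WINDOW_FRAMES),
        "clear, 1 bit flipped": corrupt(clear, [100]),
        "clear, 2 bits flipped": corrupt(clear, [100, 200]),
        "stuck high": [1] * WINDOW_FRAMES,
    }
    for label, stream in samples.items():
        errors, _ = count_errors(stream)
        verdict = classify_windows(stream)[0]
        radio_ok = isolator_passes(verdict, interface_cleared_for_secure=False)
        print(f"{label:22s} errors={errors:3d} verdict={verdict:6s} to_radio={radio_ok}")
```

With the threshold of three, one flipped bit (two counted errors) is tolerated, while two separated flipped bits in the same window (four counted errors) push the channel to secure.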

Many variations of the embodiment described above, with reference to the figures, will
be apparent to a person skilled in the art, which variations will be within the scope of the
appended claims. In particular it will be appreciated that, depending on the amount of 
data to be transmitted and the capacity of the system used, it may be desirable to transmit 
the classification code as a single bit in a time multiplexed frame sequence, where a 
classification code bit is placed in selected frames only. 

1. A communications system comprising means for attaching a code to data to be
transmitted, which code indicates a classification associated with that data. 

2. A communications system as claimed in claim 1 comprising: 
a transmission medium; 

at least one interface through which data can be supplied to the transmission 
medium, the interface comprising an input for receiving the data, means for determining 
a classification associated with the data, means for attaching a classification code to the 
data dependent on the associated classification, and means for supplying the data and 
associated classification code to the transmission medium; and 

at least one interface through which data can be extracted from the transmission 
medium, the interface comprising means for receiving the data and attached 
classification code, means for determining from the classification code the classification 
relating to the data, and means for controlling access to the data dependent on the 
classification. 

3. A system as claimed in claim 2 wherein data can only be extracted from the 
transmission medium via one of the interfaces. 

4. A system as claimed in claim 2 wherein data can be both supplied to or extracted 
from the transmission medium via one of the interfaces. 

5. A system as claimed in claim 2, 3, or 4 wherein the transmission medium is a
transmission line network. 

6. A system as claimed in claim 2, 3, 4 or 5 comprising a transmission medium 
common to at least three interfaces. 

7. A system as claimed in any one of claims 2 to 6 comprising an encryptor 
connected to the transmission medium via at least one of said interfaces, the encryptor 
being arranged to receive from the transmission medium data carrying a first 
classification code, to encrypt that data and supply the encrypted data back to the 
transmission medium by an interface which attaches a different classification code. 

8. A system as claimed in any one of claims 2 to 7 comprising a transmitter for 
receiving data from the transmission medium via an associated interface and transmitting 
that data via an unrestricted transmission medium, the system comprising means for
preventing transmission of the data via said transmitter in dependence on the associated 
classification code. 

9. A system as claimed in any one of claims 2 to 8 wherein data is transmitted by 
said transmission medium in a digital format. 

10. A system as claimed in claim 9 wherein the transmission medium comprises a 
number of channels, each channel being associated with a data string received via one 
interface, the data string being transmitted via the transmission medium in a series of
time sequential frames, each frame comprising one slot associated with a specific data
string, each slot being defined by a number of bits with one bit, a classification code bit, 
being reserved for carrying a classification code. 

11. A system as claimed in claim 10 wherein an interface supplying data to the 
transmission medium sets the status of the classification code bit such that the status of 
corresponding classification code bits of corresponding slots in sequential frames varies 
in a predetermined pattern indicative of an associated classification, and in which an 
interface extracting information from the transmission medium comprises means for 
detecting said pattern. 

12. A system as claimed in claim 10 wherein the classification code bit is inserted 
only in selected frames. 

13. A system as claimed in claim 11 or 12 wherein in the absence of the correct 
pattern being detected the receiving interface allocates a secure classification to that data. 

14. An aircraft communication system comprising a system as claimed in any 
preceding claim. 

15. A communication system substantially as hereinbefore described with reference 
to, and as illustrated in, Figures 2 to 6 of the accompanying drawings. 



16. A method of transmitting data comprising attaching a code to the data, which 
code indicates a classification associated with that data.

17. A method as claimed in claim 16 further comprising receiving data and an
associated classification signal, attaching a classification code to the data in dependence 
on the classification signal received, transmitting the data and associated code via a 
transmission medium, receiving the data and associated code from the transmission 
medium, determining the classification from the classification code, and controlling 
access to the data dependent on the classification. 

18. A method as claimed in claim 17 comprising transmitting the data in a digital 
format. 

19. A method as claimed in claim 18 comprising transmitting a data string on one of
a number of channels, the channel comprising one slot in a series of sequential frames, 
each slot comprising a number of bits, the method further comprising setting the status 
of one bit, a classification code bit, of corresponding slots in sequential frames in 
dependence on the classification signal received such that the status of sequential 
classification code bits varies in a predetermined pattern indicative of an associated 
classification, and detecting the pattern on receiving the data and associated code. 

20. A method substantially as hereinbefore described with reference to Figures 2 to 
6 of the accompanying drawings. 